How would you know or prevent it before you use it ?
> How would you know or prevent it before you use it ?

Unusual behavior that is not intended to happen, like high CPU/RAM usage, shady processes, weird files appearing.
> How would you know or prevent it before you use it ?

Use a good behavioural blocker/HIPS coupled with a good hardware firewall and a good malware-blocking, system-wide DoH (preferably on the router itself). A behavioural blocker/HIPS does not depend on signatures and whitelisting, hence malware, even a signed one, can get detected, and coupled with a DNS blocker this would prevent downloading of further payloads. I would suggest NextDNS DoH with the below setting enabled (this setting can block almost all phishing and malware domains, as these domains do not last more than a week or so and the malware creators like to change them every now and then to avoid detection and blacklisting).
Cisco says it obtained a digital copy of the hackers' command-and-control server from an unnamed source involved in the CCleaner investigation. The server contained a database of every backdoored computer that had "phoned home" to the hackers' machine between September 12 and 16.
> It's a good idea to always check the blog from the company/developer to keep yourself updated so you don't keep the compromised version on your PC.

That's practically not possible for every single app you install. I have more than 50 apps (installed or using the portable version), of which 15 are regularly used. The amount of time it would take to check every single app's changelog or blog post would be insane, considering most of them update many times a month.
> There is not much you can do except hope the AV running will finally discover the malware running on the system. In the case of the CCleaner malware in 2017 it collected user data for at least 4 days, as seen on their C&C server copy.

That was only the first incident, in 2017; there was another one in 2019:
> That was only the first incident, in 2017; there was another one in 2019.

When I found out about these incidents, I stopped using Piriform products. In my opinion they are not trustworthy anymore.
Avast says hackers breached internal network through compromised VPN profile
Czech antivirus maker discloses second attack aimed at compromising CCleaner releases. (www.zdnet.com)
> That was only the first incident, in 2017; there was another one in 2019.

Yeah, that too; the second time the hackers didn't manage to push out malware to end users, though:
Avast: No plans to discontinue CCleaner following second hack in two years
Czech intelligence agency: "Data analysis suggests that the attack came from China." (www.zdnet.com)
> This is a case where there is no need for a typical user to worry, as there is absolutely nothing one can do about it. On the plus side, however, such breaches are both difficult and expensive to implement and therefore are really not targeted at peasants like us (as was the case with the above-mentioned CCleaner hack: only those specifically targeted by the first part of the installed Floxif trojan got the actual second part, which was the backdoor. Although some still freak out, the full infection hit probably only 40 systems worldwide, and those belonging to major corporations).
>
> The more recent case is the massive SolarWinds breach, where a malicious DLL was woven into a signed update in March 2020. Nothing a typical user could do here, as it would still be unknown if not for Mandiant following up on some unusual activity.
>
> The world would be a less worrisome place if corporations would implement 2FA at every level and home users would not think WF "is enough", as well as not installing every browser extension under the sun.

You're preaching to the choir. Everybody knows Windows Firewall is enough, and if 1 browser extension is good, 2 must be better, and 3 gives you near invincibility. Four makes your browser God-like.
> If it attacks everyone and anyone, it will be detected very fast.

Maybe. Maybe not.
> You can use behaviour techniques @Andy Ful wrote about:
> Waiting some days before downloading or installing.
> (I sadly can't find his post about it.)

Found it:

> Simply, the user should execute/open the new files with a one-day delay. Why can it be useful? Because after one day, the malware is not 0-day anymore.
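As an added example, not taken from this thread or from Andy Ful's post, here is a PowerShell script that enforces that one-day rule mechanically instead of relying on memory: it refuses to launch a file that has been on disk for less than 24 hours, judging arrival from the file's timestamps and reporting the Mark-of-the-Web zone Windows attaches to downloads. The function names, the 24-hour threshold and the sample path are assumptions.

```powershell
# Added example, not from the thread or from Andy Ful's post. Enforces the
# "wait a day before opening a new file" rule. Names, the 24-hour threshold
# and the sample path are assumptions.

function Get-ArrivalTime {
    # The later of creation and last-write time: a freshly copied file keeps an
    # old LastWriteTime but gets a new CreationTime, while a freshly modified old
    # file keeps its CreationTime but gets a new LastWriteTime. Either counts as "new".
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path
    if ($item.CreationTime -gt $item.LastWriteTime) { return $item.CreationTime }
    return $item.LastWriteTime
}

function Get-DownloadZone {
    # ZoneId from the Mark-of-the-Web alternate data stream (3 = Internet), or $null
    # when the file carries no Zone.Identifier stream.
    param([Parameter(Mandatory)][string]$Path)
    $motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in @($motw)) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Test-CooledDown {
    # $true once the file has been on disk for at least $MinAgeHours.
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$MinAgeHours = 24,        # the one-day rule; assumed threshold
        [datetime]$Now = (Get-Date)    # injectable so the logic can be checked
    )
    $age = $Now - (Get-ArrivalTime -Path $Path)
    return ($age.TotalHours -ge $MinAgeHours)
}

function Invoke-AfterCoolingOff {
    # Launch $Path only if it has passed the cooling-off period; otherwise
    # report how much longer to wait and do nothing.
    param([Parameter(Mandatory)][string]$Path, [int]$MinAgeHours = 24)
    $zone = Get-DownloadZone -Path $Path
    if (Test-CooledDown -Path $Path -MinAgeHours $MinAgeHours) {
        Write-Host "Launching $Path (zone: $zone)"
        Start-Process -FilePath $Path
        return $true
    }
    $elapsed   = ((Get-Date) - (Get-ArrivalTime -Path $Path)).TotalHours
    $remaining = $MinAgeHours - $elapsed
    Write-Warning ("{0} arrived {1:N1} h ago (zone: {2}); wait another {3:N1} h before running it." -f $Path, $elapsed, $zone, $remaining)
    return $false
}

# Usage (the path is an assumption):
# Invoke-AfterCoolingOff -Path "$env:USERPROFILE\Downloads\setup.exe"
```

The delay only buys time for signature and reputation engines to catch up, so it should sit alongside, not replace, an on-access scanner; and a file that arrives with no Zone.Identifier stream (extracted from an archive, copied from a share) is still treated as new here because the timestamps, not the stream, decide.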
> Windows firewall can block all incoming connections and this is usually enough.

This I have to ask about: how does blocking incoming connections help in defending against a malicious process? They typically connect outbound.
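To make that inbound/outbound distinction concrete, here is an added PowerShell example (not from the thread) that shows what Windows Firewall does by default and how to actually constrain a program's outbound traffic. It must be run from an elevated prompt; the rule names and program paths are assumptions.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell.

# 1. Show the per-profile defaults. Out of the box inbound is Block and
#    outbound is Allow, so a process that phones home is not stopped at all.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Block outbound traffic for one specific program (path is an assumption).
$app = 'C:\Program Files\ExampleVendor\updater.exe'
New-NetFirewallRule -DisplayName 'Block outbound: ExampleVendor updater' `
    -Direction Outbound -Program $app -Action Block -Profile Any -Enabled True

# 3. Stricter: default-deny outbound on every profile, then allow only what
#    you need. Add the allow rules (DNS, browser, Windows Update, ...) first,
#    or the machine loses connectivity. Revert with -DefaultOutboundAction Allow.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
New-NetFirewallRule -DisplayName 'Allow outbound: browser' `
    -Direction Outbound -Program 'C:\Program Files\Mozilla Firefox\firefox.exe' `
    -Action Allow -Profile Any -Enabled True

# 4. Review which outbound block rules are actually in force.
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    Select-Object DisplayName, Profile, Action
```

Program-based rules match on the executable path, so a malicious process that injects into an allowed process or runs through an allowed signed system binary still gets out; the default-deny in step 3 narrows that to the set of programs you have explicitly permitted.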
> A good antivirus will do.

It often causes false accusations.